Firewall-based遠端網路的數位證據蒐集

本論文延伸Casey遠端鑑識裡證據保存與檢驗工具的優點(Casey and Stanley, 2004)，並更進一步提出改良，以增加的處理程序稽核程式，用來即時紀錄入侵事件，強化電腦鑑識之效率。基於我們的改良，不僅改善電腦鑑識效率，更重新規劃使用者端的操作，達到增進遠端網路系統鑑識效率的目的。本論文提出的Firewall-based遠端鑑識模式，提供了利用網路連結方式，遠距離蒐集數位證據的方法。可兼顧資訊存取效能及完整鑑識之需求，作為一旦發生資安事件時，進行數位鑑識的準則。

關鍵字

資訊安全；遠端鑑識；處理程序稽核程式

並列摘要

In this paper, we take the advantages of the scheme in Casey (Casey and Stanley, 2004) with Internet Forensics and enrich it to deter the network intrusion events using the audit programs. In this way, the performance in measuring the computer forensics is greatly improved. Besides, the operations in the user-end to the computer are enhanced to assist the forensic improvement of remote network systems. In our proposed model of firewall-base forensic systems, not only it can offer the long-distance effective evidence seizure, but also the requirements of forensic procedure and swift information access are both satisfied. In this case study, it can be referred to the standard operation procedure against the information security accident happenings.